package org.apache.james.jmap.rfc8621.contract.custom.authentication.strategy;

import com.google.inject.Module;
import io.restassured.RestAssured;
import io.restassured.http.Header;
import java.util.List;
import java.util.Optional;
import net.javacrumbs.jsonunit.assertj.JsonAssertions;
import org.apache.james.GuiceJamesServer;
import org.apache.james.jmap.JMAPTestingConstants;
import org.apache.james.jmap.core.JmapRfc8621Configuration;
import org.apache.james.jmap.draft.JmapGuiceProbe;
import org.apache.james.jmap.rfc8621.contract.Fixture;
import org.apache.james.utils.DataProbeImpl;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/james/jmap/rfc8621/contract/custom/authentication/strategy/ModularizeJmapRFC8621AuthenticationStrategyContract.class */
public abstract class ModularizeJmapRFC8621AuthenticationStrategyContract {
    public static Optional<List<String>> ALLOW_AUTHENTICATION_STRATEGY = Optional.of(List.of(AllowAuthenticationStrategy.class.getCanonicalName()));
    public static Optional<List<String>> DENY_AUTHENTICATION_STRATEGY = Optional.of(List.of(DenyAuthenticationStrategy.class.getCanonicalName()));
    public static Optional<List<String>> DEFAULT_STRATEGIES = Optional.empty();
    private GuiceJamesServer jmapServer;

    public void setupJamesServerWithCustomAuthenticationStrategy(GuiceJamesServer guiceJamesServer, Optional<List<String>> optional) throws Throwable {
        this.jmapServer = createJmapServer(guiceJamesServer, optional);
        this.jmapServer.start();
        RestAssured.requestSpecification = JMAPTestingConstants.jmapRequestSpecBuilder.setPort(this.jmapServer.getProbe(JmapGuiceProbe.class).getJmapPort().getValue()).setBasePath("/jmap").build();
        this.jmapServer.getProbe(DataProbeImpl.class).fluent().addDomain(Fixture.DOMAIN().asString()).addUser(Fixture.BOB().asString(), Fixture.BOB_PASSWORD());
    }

    private GuiceJamesServer createJmapServer(GuiceJamesServer guiceJamesServer, Optional<List<String>> optional) {
        return guiceJamesServer.overrideWith(new Module[]{binder -> {
            binder.bind(JmapRfc8621Configuration.class).toInstance(JmapRfc8621Configuration.LOCALHOST_CONFIGURATION().withAuthenticationStrategies(optional));
        }});
    }

    @AfterEach
    public void teardown() {
        this.jmapServer.stop();
    }

    @Test
    public void givenAllowAuthenticationStrategyWhenEchoMethodShouldSucceedWithoutAuthentication(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, ALLOW_AUTHENTICATION_STRATEGY);
        JsonAssertions.assertThatJson(RestAssured.given().header("Accept", Fixture.ACCEPT_RFC8621_VERSION_HEADER(), new Object[0]).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(200).extract().body().asString()).isEqualTo(Fixture.ECHO_RESPONSE_OBJECT());
    }

    @Test
    public void givenDenyAuthenticationStrategyWhenEchoMethodShouldReturnUnauthorizedCode(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DENY_AUTHENTICATION_STRATEGY);
        RestAssured.given().header("Accept", Fixture.ACCEPT_RFC8621_VERSION_HEADER(), new Object[0]).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(401).body("status", Matchers.equalTo(401), new Object[0]).body("type", Matchers.equalTo("about:blank"), new Object[0]).body("detail", Matchers.equalTo("No valid authentication methods provided"), new Object[0]);
    }

    @Test
    public void givenDenyAuthenticationStrategyWhenEchoMethodWithValidJWTShouldReturnUnauthorizedCode(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DENY_AUTHENTICATION_STRATEGY);
        RestAssured.given().headers(Fixture.getHeadersWith(new Header(Fixture.AUTHORIZATION_HEADER(), "Bearer " + Fixture.USER_TOKEN()))).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(401).body("status", Matchers.equalTo(401), new Object[0]).body("type", Matchers.equalTo("about:blank"), new Object[0]).body("detail", Matchers.equalTo("No valid authentication methods provided"), new Object[0]);
    }

    @Test
    public void givenDefaultStrategiesWhenEchoMethodWithoutAuthenticationShouldFail(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DEFAULT_STRATEGIES);
        RestAssured.given().header("Accept", Fixture.ACCEPT_RFC8621_VERSION_HEADER(), new Object[0]).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(401).body("status", Matchers.equalTo(401), new Object[0]).body("type", Matchers.equalTo("about:blank"), new Object[0]).body("detail", Matchers.equalTo("No valid authentication methods provided"), new Object[0]);
    }

    @Test
    public void givenDefaultStrategiesWhenEchoMethodWithValidBasicAuthenticationShouldSucceed(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DEFAULT_STRATEGIES);
        RestAssured.given().headers(Fixture.getHeadersWith(Fixture.BOB_BASIC_AUTH_HEADER())).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(200);
    }

    @Test
    public void givenDefaultStrategiesWhenEchoMethodWithInvalidBasicAuthenticationShouldFail(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DEFAULT_STRATEGIES);
        RestAssured.given().headers(Fixture.getHeadersWith(new Header(Fixture.AUTHORIZATION_HEADER(), "Basic " + Fixture.toBase64(Fixture.BOB().asString() + ":WRONG_PASSWORD")))).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(401).body("status", Matchers.equalTo(401), new Object[0]).body("type", Matchers.equalTo("about:blank"), new Object[0]).body("detail", Matchers.equalTo("No valid authentication methods provided"), new Object[0]);
    }

    @Test
    public void givenDefaultStrategiesWhenEchoMethodWithValidJWTAuthenticationShouldSucceed(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DEFAULT_STRATEGIES);
        RestAssured.given().headers(Fixture.getHeadersWith(new Header(Fixture.AUTHORIZATION_HEADER(), "Bearer " + Fixture.USER_TOKEN()))).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(200);
    }

    @Test
    public void givenDefaultStrategiesWhenEchoMethodWithValidUnknownUserJWTAuthenticationShouldSucceed(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DEFAULT_STRATEGIES);
        RestAssured.given().headers(Fixture.getHeadersWith(new Header(Fixture.AUTHORIZATION_HEADER(), "Bearer " + Fixture.UNKNOWN_USER_TOKEN()))).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(401).body("status", Matchers.equalTo(401), new Object[0]).body("type", Matchers.equalTo("about:blank"), new Object[0]).body("detail", Matchers.equalTo("Failed Jwt verification"), new Object[0]);
    }

    @Test
    public void givenDefaultStrategiesWhenEchoMethodWithInvalidJWTAuthenticationShouldSucceed(GuiceJamesServer guiceJamesServer) throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(guiceJamesServer, DEFAULT_STRATEGIES);
        RestAssured.given().headers(Fixture.getHeadersWith(new Header(Fixture.AUTHORIZATION_HEADER(), "Bearer " + Fixture.INVALID_JWT_TOKEN()))).body(Fixture.ECHO_REQUEST_OBJECT()).when().post().then().statusCode(401).body("status", Matchers.equalTo(401), new Object[0]).body("type", Matchers.equalTo("about:blank"), new Object[0]).body("detail", Matchers.equalTo("Failed Jwt verification"), new Object[0]);
    }
}
